ATR-2026-00150criticalContext Exfiltrationexperimental
Credential Data Leaked in Tool Response
Detects private keys, API tokens, or credential material embedded in tool responses. Attackers embed credential data in seemingly benign tool output (weather, search results) to trick agents into exfiltrating secrets. Crystallized from 37 adversarial social_engineering samples.
Severity
critical
Category
Context Exfiltration
Scan Target
mcp
Author
ATR Threat Cloud Crystallization
Response Actions
block toolalert
References
OWASP Agentic
ASI01:2026 - Agent Behaviour Hijack
OWASP LLM
LLM01:2025 - Prompt Injection
More Context Exfiltration Rules
ATR-2026-00020highSystem Prompt and Internal Instruction LeakageATR-2026-00021criticalCredential and Secret Exposure in Agent OutputATR-2026-00075highAgent Memory ManipulationATR-2026-00102highData Exfiltration via Disguised Analytics CollectionATR-2026-00113criticalCredential File Theft from Agent Environment